20.1 Legacy Series / IPSEC Multiple SPIs State Installed?
« on: March 24, 2020, 03:38:56 pm »
Hello,
I am connecting two OPNsenses via IPSEC successfully, but it seems to be strange/flaky, as connections between both sides drop quite fast even with DPD configured on both sides. At the same time, in the "Status Overview" I have several SPIs with an INSTALLED/routed status.
Side A is a single OPNsense connecting via PPPoE with a dynamically allocated IPv4 address and a DynDNS hostname.
Side B is two OPNsenses in HA with a public /29 IPv4 net.
Here are my configs:
A <> B
Connection method: default <> default
Key Exchange version: auto <> auto
Internet Protocol: IPv4 <> IPv4
Interface: WAN <> "CARP IP"
Remote Gateway: "CARP IP" <> "DYNDNS-FQDN"
Dynamic Gateway: No <> Yes
Phase 1 proposal (Authentication)
Authentication method: Mutual PSK <> Mutual PSK
My Identifier: DN "DYNDNS-FQDN" <> IP Address "CARP IP"
Peer Identifier: IP Address "CARP IP" <> DN "DYNDNS-FQDN"
Phase 1 proposal (Algorithms)
Encryption algorithm: AES 256 <> AES 256
Hash Algorithms: SHA256 <> SHA256
DH key group: 14 <> 14
Lifetime: 28800 <> 28800
NAT Traversal: Enable <> Enable
Dead Peer Detection: Yes <> Yes
Tunnel
Mode: Tunnel IPv4 <> Tunnel IPv4
Local Network
Type: Network <> Network
Address: 172.19.173.0/24 <> 10.100.0.0/16
Remote Network
Type: Network <> Network
Address: 10.100.0.0/16 <> 172.19.173.0/24
Phase 2 Proposal
Protocol: ESP <> ESP
Encryption: AES 256 bits auto <> AES 256 bits auto
Hash algorithms: SHA256 <> SHA256
PFS key group: 14 <> 14
Lifetime: 3600 <> 3600
Advanced Options
Automatically ping host: "LAN CARP IP" <> "OPN LAN IP"
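A check for the "several SPIs INSTALLED" symptom above, added here as an example and not part of the original post: it parses `swanctl --list-sas` output and reports any connection that has more than one INSTALLED CHILD_SA for the same local/remote selector pair, which is what a pile-up of stale or colliding rekeys looks like. The sample text is constructed in that layout (connection name, addresses and SPIs are made up, not taken from the poster's firewalls).

```python
import re
from collections import defaultdict

# Constructed sample in the layout of `swanctl --list-sas`; not output from the
# poster's firewalls. Connection name, addresses and SPIs are made up.
SAMPLE = """\
SiteB: #3, ESTABLISHED, IKEv2, 0123456789abcdef_i 0fedcba987654321_r*
  local  'vpn.example.invalid' @ 203.0.113.10[4500]
  remote '198.51.100.5' @ 198.51.100.5[4500]
  SiteB: #7, reqid 1, INSTALLED, TUNNEL-in-UDP, ESP:AES_CBC-256/HMAC_SHA2_256_128/MODP_2048
    installed 1201s ago, rekeying in 2100s, expires in 2399s
    local  172.19.173.0/24
    remote 10.100.0.0/16
  SiteB: #9, reqid 1, INSTALLED, TUNNEL-in-UDP, ESP:AES_CBC-256/HMAC_SHA2_256_128/MODP_2048
    installed 14s ago, rekeying in 3300s, expires in 3586s
    local  172.19.173.0/24
    remote 10.100.0.0/16
"""

# A CHILD_SA header line: "<conn>: #<id>, reqid <n>, <STATE>, ..."
CHILD_RE = re.compile(r"^\s+(\S+): #(\d+), reqid \d+, (\w+),")
# Traffic-selector lines directly under a CHILD_SA ("local  <cidr>" / "remote <cidr>")
SEL_RE = re.compile(r"^\s+(local|remote)\s+(\S+)$")

def child_sas(text):
    """Yield one dict per CHILD_SA: connection name, id, state and its selectors."""
    cur = None
    for line in text.splitlines():
        m = CHILD_RE.match(line)
        if m:
            if cur:
                yield cur
            cur = {"conn": m[1], "id": int(m[2]), "state": m[3],
                   "local": None, "remote": None}
            continue
        m = SEL_RE.match(line)
        if m and cur:
            cur[m[1]] = m[2]
    if cur:
        yield cur

def duplicate_installed(text):
    """Return {(conn, local, remote): [child ids]} for selector pairs that have
    more than one INSTALLED CHILD_SA: the stale/duplicate SAs worth investigating."""
    seen = defaultdict(list)
    for sa in child_sas(text):
        if sa["state"] == "INSTALLED":
            seen[(sa["conn"], sa["local"], sa["remote"])].append(sa["id"])
    return {k: ids for k, ids in seen.items() if len(ids) > 1}
```

On a live box, feed it the real listing with `duplicate_installed(subprocess.check_output(["swanctl", "--list-sas"], text=True))` and run it from both sides, since a duplicate on only one side points at an SA the other peer has already dropped.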